Signed Values

Signed values are a specialized field type that enables machine steps to generate tamper-proof variables that are valid only for the user who requested them. They are particularly useful in scenarios where it is critical to trust values sent from the client, as they allow one machine step to verify that it is receiving an unmodified output from another machine step within the same application.

Example Scenario

Let’s consider an example to illustrate where signed values can be used. As described in this section, Run As Flow User is a commonly used feature that allows IFS 10 machine steps to be executed using the currently logged-in Flow user by default.

In Flow Connect, the :userId flow variable represents the logged-in Flow user and always contains the user’s email address. An important point to note is that :userId is, by default, a signed value, meaning it can be trusted to be tamper-proof.

To mimic the Run As Flow User functionality in Flow Connect, you can run a simple query at the start of each application to retrieve the corresponding IFS User ID for the currently logged-in Flow user. The query result produces :ifsUserId, which is then used in all subsequent machine steps as the Run As User value.

You can use :ifsUserId to fetch additional user details such as company, default site, employee ID, and similar attributes. These values are then passed to subsequent machine steps to retrieve further data that is both sensitive and user-specific, for example financial transactions, personal information, or time and attendance (clocking) details.

In a scenario like this, it is critical to ensure that :ifsUserId is tamper-proof, since subsequent machine steps rely on this value being both safe and accurate. To address this, we revisit our initial example where :ifsUserId is retrieved and apply a small modification, as shown below. By marking :ifsUserId as a signed value, we ensure that it cannot be altered and can be safely trusted throughout the remaining machine steps. By doing so, we can prevent accidental exposure or unauthorized access to user-specific and sensitive data.
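The following is an added illustration, not part of the original documentation and not Flow Connect's own implementation, which this page does not describe. It assumes a server-side HMAC as one common way to make a value such as :ifsUserId both tamper-proof and valid only for the user who requested it; the key, function names and sample users are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real server keeps its key in a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _mac(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def sign_value(name: str, value: str, user_id: str) -> str:
    """Producing step: bind variable name, value and requesting user under one MAC."""
    payload = json.dumps({"n": name, "v": value, "u": user_id},
                         sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_mac(payload))


def verify_value(token: str, name: str, user_id: str) -> str:
    """Consuming step: return the value only if it is unmodified and issued to this user."""
    try:
        p64, m64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except ValueError as exc:  # wrong part count or invalid base64
        raise ValueError("malformed signed value") from exc
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    if not hmac.compare_digest(mac, _mac(payload)):
        raise ValueError("signature mismatch: value was modified")
    fields = json.loads(payload)
    if fields["n"] != name or fields["u"] != user_id:
        raise ValueError("signed value issued for a different variable or user")
    return fields["v"]


if __name__ == "__main__":
    # Constructed sample: the first step resolves the Flow user to an IFS user ID.
    token = sign_value("ifsUserId", "ALAIN", "alain@example.com")
    print(verify_value(token, "ifsUserId", "alain@example.com"))
```

Because the user and variable name are inside the signed payload, a token copied from one user's session fails verification in another's, even though its signature is valid.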
